From patchwork Fri Jun 30 03:25:35 2023
X-Patchwork-Submitter: Jeff Xu
X-Patchwork-Id: 13297542
From: jeffxu@chromium.org
To: skhan@linuxfoundation.org, keescook@chromium.org
Cc: akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, asmadeus@codewreck.org, hughd@google.com, jeffxu@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v3 1/1] Documentation: mm/memfd: vm.memfd_noexec
Date: Fri, 30 Jun 2023 03:25:35 +0000
Message-ID: <20230630032535.625390-2-jeffxu@google.com>
X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog
In-Reply-To: <20230630032535.625390-1-jeffxu@google.com>
References: <20230630032535.625390-1-jeffxu@google.com>
MIME-Version: 1.0
From: Jeff Xu

Add documentation for sysctl vm.memfd_noexec

Link: https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU6WEy5a8MaQY3Jw@mail.gmail.com/T/
Reported-by: Dominique Martinet
Signed-off-by: Jeff Xu
---
 Documentation/admin-guide/sysctl/vm.rst | 30 +++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysctl/vm.rst
index 45ba1f4dc004..621588041a9e 100644
--- a/Documentation/admin-guide/sysctl/vm.rst
+++ b/Documentation/admin-guide/sysctl/vm.rst
@@ -424,6 +424,36 @@ e.g., up to one or two maps per allocation. The default value is 65530. +memfd_noexec: +============= +This pid namespaced sysctl controls memfd_create(). + +The new MFD_NOEXEC_SEAL and MFD_EXEC flags of memfd_create() allows +application to set executable bit at creation time. + +When MFD_NOEXEC_SEAL is set, memfd is created without executable bit +(mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to +be executable (mode: 0777) after creation. + +when MFD_EXEC flag is set, memfd is created with executable bit +(mode:0777), this is the same as the old behavior of memfd_create. + +The new pid namespaced sysctl vm.memfd_noexec has 3 values: +0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_EXEC was set. +1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_NOEXEC_SEAL was set. +2: memfd_create() without MFD_NOEXEC_SEAL will be rejected. + +The default value is 0. + +Once set, it can't be downgraded at runtime, i.e. 2=>1, 1=>0 +are denied. + +This is pid namespaced sysctl, child processes inherit the parent +process's memfd_noexec at the time of fork. Changes to the parent +process after fork are not automatically propagated to the child +process. memory_failure_early_kill: ==========================
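Review bot: The value-2 line ("memfd_create() without MFD_NOEXEC_SEAL will be rejected") leaves the MFD_EXEC case implicit and does not say how the rejection surfaces to the caller; since this is admin-facing documentation that people will use to decide whether a container or service can safely run with memfd_noexec=2, it should spell out that a call passing MFD_EXEC is also refused, and name the error the caller sees so applications and their tests can check for it. The same paragraph would also benefit from saying explicitly that the "can't be downgraded" rule and the fork inheritance are both per pid namespace, since the text first says "This pid namespaced sysctl" and later "This is pid namespaced sysctl" without tying the two statements together. Wording nits in the added text: "allows application to set executable bit" should read "allow applications to set the executable bit"; "so it can't be chmod to be executable" reads better as "so it cannot later be made executable with fchmod()"; the sentence starting "when MFD_EXEC flag is set" needs a capital "When" and "the MFD_EXEC flag"; "This is pid namespaced sysctl" should be "This is a pid-namespaced sysctl"; and the duplicated phrase "The new pid namespaced sysctl vm.memfd_noexec has 3 values" can drop "new pid namespaced" since the section already opens with that description.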